[SchoolFinance] Infinite Vision (School ERP Pro) Employee Portal Fraud

Tue Jul 29 13:12:20 EDT 2025

Good Afternoon,
MSAD 17 does not allow direct deposit changes to be made via the portal.
They MUST come into the Central Office with a change form and a voided
check.
We learned this when a similar incident happened before we had Employee
Access and would let employees email us with changes.  The hacker got a
hold of the form, created a check, and was manipulating the employee's
account in real time.  The bank that received the funds said they couldn't
talk to me as I was not the account holder.  It is very frustrating.

Carrie

On Tue, Jul 29, 2025 at 12:46 PM Tracy Wilson <twilson at rsu10.org> wrote:

> I wanted to put this out there to warn other districts about what has been
> happening with our employee portal and direct deposits and to also see if
> it has been happening in your district.
>
> A scammer is hacking into our employees district gmail accounts, going
> into their employee portal and changing their direct deposit.  I then go in
> and check the routing numbers and approve it.  The employee gets an email
> stating that their changes have been approved.
>
> The problem is the scammer gets these emails and deletes them in real
> time.  The scammer will also use the employees account to email us back.
> There is no way for us to know that the employee is not the one emailing us
> as it is truly the employees account.
>
> The receiving financial institution will not give us any information about
> the account whatsoever (we can't even report the account as fraudulent).
> We have to go through the district's bank to try and get the money back.
> Our insurance company also believes that the district is not liable for the
> "stolen" money but we obviously want our employees to get their pay.
>
> Our next steps are to not allow any changes in the portal anymore, and/or
> require a two-factor authentication to be put on their district email
> account.  We have tried that before but some employees balked on the idea.
>
> Has anyone else encountered this?  If so, what steps did you take?
>
> --
>
>    - Tracy L. Wilson
>    - R.S.U. #10
>    - Payroll Specialist/Bookkeeper
>    - twilson at rsu10.org
>    - (207)369-5560 ext. 8201
>    - (207)562-7059 fax
>    -
>    - Confidentiality Notice: This email message, including any
>    attachments, is for the sole use of the intended recipients and may contain
>    confidential and privileged information. Any unauthorized review, use,
>    disclosure, or distribution is prohibited. If you are not the intended
>    recipient, please contact the sender by reply email and destroy/delete all
>    copies of the original message.
>
>
> This is a staff email account managed by Western Foothills Regional School
> Unit 10.  This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they are
> addressed. If you have received this email in error please notify the
> sender._______________________________________________
> SchoolFinance mailing list
> SchoolFinance at maillist.informe.org
> http://maillist.informe.org/mailman/listinfo/schoolfinance

-- 
Carrie Colley
Director of Finance & Operations
M.S.A.D. #17
232 Main Street, Suite 2
South Paris, Maine 04281
207-743-8972
207-743-2878 (Fax)
c.colley at msad17.org
This is a staff email account managed by Oxford Hills School District -
MSAD 17.  This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. If you have received this email in error please notify the
sender.
<c.colley at msad17.org>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://maillist.informe.org/pipermail/schoolfinance/attachments/20250729/d36cd4aa/attachment-0001.htm>